High severityauthentication
Power BI Error:
AADSTS90121, Empty Authentication Request
What does this error mean?
Microsoft Entra ID (Azure AD) received an authentication request with an empty or missing body where parameters were required.
Common causes
- 1A custom OAuth/OIDC client posts to the /token or /authorize endpoint with an empty request body (Content-Length: 0)
- 2A reverse proxy, WAF, or API gateway strips the POST body before it reaches login.microsoftonline.com
- 3An SDK or HTTP library is misconfigured and sends a GET where a POST with form-encoded parameters is required
- 4A browser-based redirect was interrupted or refreshed, dropping the form parameters mid-flight
- 5A Power BI gateway or custom data connector builds the auth request with uninitialized variables, resulting in empty form fields
How to fix it
- 1Capture the failing HTTP request with Fiddler, Charles, or browser DevTools — confirm whether the POST body to /oauth2/v2.0/token is genuinely empty or contains the expected grant_type, client_id, scope, and code/refresh_token parameters
- 2Verify the Content-Type header is set to application/x-www-form-urlencoded (not application/json) — Entra ID's token endpoint rejects JSON bodies as empty form requests
- 3If a proxy, WAF, or corporate gateway sits between client and login.microsoftonline.com, bypass it temporarily to confirm whether it is stripping the request body
- 4For custom Power BI connectors or ADF linked services, re-test with a freshly generated client secret/certificate and verify all required parameters are non-null before the HTTP call
- 5If the error appears in a browser flow, clear cookies for login.microsoftonline.com and retry — a stale or interrupted session can cause the form post to submit empty